SEGGER emSSL - Transport Layer Security

What is emSSL?

emSSL is a SEGGER software library that enables secure connections across the Internet. emSSL offers both client and server capability.

SSL/TLS is a must-have in nearly every application which is connected to the Internet. Products of the IoT, smart grid or home automation markets benefit from securing their communication.

emSSL lets your product establish a secured connection to any server application. It is target independent and can be used in native computer applications as well as on embedded targets.

* Optional feature for secure devices that support cryptographic memory. Please contact SEGGER for device support and availability.
** emSSL delivers the secure connection only. An SMTP client is required to send the email.

Why should I use emSSL?

emSSL offers all features for current TLS and includes its latest protocol versions.

emSSL is a high quality product designed to be used easily but without any cutbacks.

emSSL is not covered by an open-source or required-attribution license and can be integrated in any free, commercial, or proprietary product without the obligation to disclose the combined source.

emSSL is provided as source code and offers transparency for all included modules, allowing inspection by auditors.

emSSL is portable. The complete software is written in ANSI C and is compiler and target independent. It can be implemented in PC applications as well as in embedded software.

emSSL is configurable. It is created for high performance and a low memory footprint. The library can be configured to fit any speed or size requirements. Unused features can be excluded, additional features can easily be added.

Supported Cipher Suites

emSSL includes the most commonly used cipher suites, which allows it to connect to nearly every TLS-supporting server.
With emSSL, cipher suites can be added dynamically. When the required cipher suites are known, a minimal-size configuration can be created by not linking in unused algorithms; the compiler/linker can do this automatically. The included ScanSuites application can be used to find out which cipher suite(s) are required to connect to a server.
The following list shows the cipher suites which are available in emSSL.

Performance

emSSL is built for high performance with target independent code. It is completely written in ANSI C and can be used in any embedded application, as well as in PC applications.

Performance Test

The following results show the connection time of a Cortex-M4, running at 200 MHz from internal flash memory, using internal RAM.

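| Cipher Suite                   | RSA key length [bit] | SSL time [ms] (1) |
|--------------------------------|----------------------|-------------------|
| RSA-WITH-AES-256-CBC-SHA-256   | 2048                 | 64                |
| ECDHE-RSA-WITH-AES-256-CBC-SHA | 2048                 | 470               |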

1: Results may vary depending on the compiler, compiler settings and memory timings of the microcontroller used.
The times are measured for the negotiation phase, connecting to www.segger.com and www.google.com with the key exchange algorithms (marked in bold).
Cipher Suite is the cipher suite used for this connection, which is supported by both emSSL and the server.
SSL time is the time required by emSSL to fully agree on the session keys for a secure connection. It excludes transmission and reception times over the IP transport, which are highly variable.
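As an added example (not SEGGER code and not using the emSSL API), the following Python sketch splits the two cipher suite names from the table above into their algorithms and lists the primitives they name, which is the starting point for the minimal configuration described under Supported Cipher Suites. It assumes the dash-separated `<key exchange>[-<authentication>]-WITH-<cipher>-<mode>-<hash>` naming shown on this page; all function, type and constant names are illustrative.

```python
# Added example: not SEGGER code and not the emSSL API.
from typing import NamedTuple

# The two suite names from the performance table on this page.
PAGE_SUITES = ["RSA-WITH-AES-256-CBC-SHA-256", "ECDHE-RSA-WITH-AES-256-CBC-SHA"]
EPHEMERAL = {"ECDHE", "DHE"}    # key exchanges that provide forward secrecy
MODES = {"CBC", "GCM", "CCM"}   # modes this sketch recognises (assumption)

class Suite(NamedTuple):
    key_exchange: str
    authentication: str
    cipher: str
    mode: str
    digest: str
    forward_secrecy: bool

def parse_suite(name: str) -> Suite:
    """Split '<KX>[-<AUTH>]-WITH-<CIPHER>-<MODE>-<HASH>' into its parts."""
    left, sep, right = name.strip().upper().partition("-WITH-")
    kx = left.split("-")
    if not sep or not left or len(kx) > 2:
        raise ValueError(f"not a cipher suite name: {name!r}")
    tokens = right.split("-")
    # The trailing hash is written 'SHA' (meaning SHA-1) or 'SHA-<bits>'.
    if len(tokens) >= 2 and tokens[-2] == "SHA" and tokens[-1].isdigit():
        digest, tokens = "SHA-" + tokens[-1], tokens[:-2]
    elif tokens[-1] == "SHA":
        digest, tokens = "SHA-1", tokens[:-1]
    else:
        raise ValueError(f"unrecognised hash in {name!r}")
    if len(tokens) < 2 or tokens[-1] not in MODES:
        raise ValueError(f"unrecognised cipher or mode in {name!r}")
    # A single left-hand token (plain 'RSA') does key exchange and authentication.
    return Suite(kx[0], kx[-1], "-".join(tokens[:-1]), tokens[-1],
                 digest, kx[0] in EPHEMERAL)

def named_algorithms(suite_names) -> list:
    """Primitives named by the suites: a lower bound on what must be linked.

    The TLS PRF and certificate signature checks can need further hashes.
    """
    needed = set()
    for s in map(parse_suite, suite_names):
        needed |= {s.key_exchange, s.authentication,
                   s.cipher.split("-")[0], s.mode, s.digest}
    return sorted(needed)

if __name__ == "__main__":
    for suite_name in PAGE_SUITES:
        print(parse_suite(suite_name))
    print(named_algorithms(PAGE_SUITES))
```
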

Included Applications

emSSL includes some sample utilities, provided both in source form to show how to use emSSL and as precompiled executables. Applications for benchmark and validation tests are part of the package, too.

| Application name | Target platform | Description                                                             |
|------------------|-----------------|-------------------------------------------------------------------------|
| BrowseDemo       | Windows         | Get a webpage via HTTPS and print it to the console.                    |
| PrintCert        | Windows         | Read an X.509 SSL certificate and print its information to the console. |
| ScanSuites       | Windows         | Scan a server for its supported cipher suites.                          |
| TwitterDemo      | Windows         | Show Twitter followers of @SEGGERMicro.                                 |

Example application

This application opens a connection to the SEGGER web site and retrieves the HTML index document over a fully secured connection. As you can see, emSSL makes working with secure sockets a breeze!

Q: Does emSSL support older versions of SSL?
A: No. emSSL supports only TLS 1.0 and higher. SSL 3.0 and prior are considered insecure and should not be used.

Q: I want to connect to a specific server with only one cipher suite. Do I have to include the complete emSSL in my project?
A: No. emSSL lets you select which cipher suites are included. Unused modules can be removed from the project or simply not linked into the application, reducing the size to a minimum.

Q: I want to connect to a server on the internet. Which cipher suites will I need?
A: This depends on the server you want to connect to. emSSL includes an application to scan a server for its available cipher suites. If the server configuration does not change, only one of the available cipher suites needs to be included.

Q: I want to secure my server with emSSL. Is this possible?
A: Not yet. The server side, including certificate management, will be available in the near future. Feel free to contact info@segger.com for planned releases.

Q: My question is not listed here. What can I do?
A: If you have any further questions about emSSL, feel free to contact us at info@segger.com.

Glossary

The following table explains the abbreviations used in the cipher suite names.